Introduction

This document explains the output of the PIX show processes command.
The show processes command displays information about the active
processes on the PIX.

Hardware and Software Versions

The information in this document is based on this software version.

PIX Firewall Software Release 6.1(1)

The show processes Command

The show processes command displays all the active processes running
on the PIX at the time the command is executed. This command is useful in determining
which processes are receiving too much CPU time and which processes are not
receiving any CPU time. In order to examine the CPU usage, issue the show processes
command twice, waiting about one minute after you first issue the command before
you issue it a second time. Then, subtract the second Runtime value from the first
Runtime value. The result allows you to know how much CPU time (in milliseconds)
that process has received in that interval of time. It is important to note
that some processes are scheduled to run at particular intervals, while some
processes only run when they have information to process.

The 557poll process will most likely have the largest Runtime of all your processes.
This is normal because the 557poll process polls the Ethernet interfaces to
see if they have any data that requires action. Examples of common polling processes
include the following:

Since these are polling processes, they can be used as a reference when
comparing their Runtimes to other running processes.

The output of the show processes command should be used to compare one
process against another. For example, if the Logger process has a very large
runtime compared to the ip/0:0 process, then the PIX is spending more time generating
and sending syslogs than passing IP traffic out of the outside interface. While
this may not necessarily be a bad thing, if your PIX is running low on CPU resources
then you may want to try and cut down on your logging to save resources.
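
The two-capture Runtime comparison and the Logger versus ip/0:0 comparison described above can be scripted. The following is an added example, not part of the original document; the sample captures are constructed, and the whitespace-separated column layout and the function names are assumptions.

```python
# Added example; the captures below are constructed, not from a real PIX.
# Assumption: whitespace-separated columns in the order of the field table:
# scheduler test, PC, SP, State, Runtime (ms), SBASE, Stack, Process.
FIRST = """\
    PC       SP       STATE       Runtime    SBASE     Stack Process
si  001e3329 00763e7c 0053e5c8          0 00762ef4 3784/4096 arp_timer
we  0011e465 009dc2e4 0053e6b8      61500 009d63dc 20712/24576 Logger
rd  0035ed8c 00a00f84 0053e5c8     902310 009fe02c 7624/8192 557poll
we  002e3a17 00a0a2cc 0053e5c8      14200 00a0835c 7316/8192 ip/0:0
"""
SECOND = """\
    PC       SP       STATE       Runtime    SBASE     Stack Process
si  001e3329 00763e7c 0053e5c8          0 00762ef4 3784/4096 arp_timer
we  0011e465 009dc2e4 0053e6b8      69800 009d63dc 20712/24576 Logger
rd  0035ed8c 00a00f84 0053e5c8     931050 009fe02c 7624/8192 557poll
we  002e3a17 00a0a2cc 0053e5c8      15100 00a0835c 7316/8192 ip/0:0
we  003d17d1 00a1e114 0053e5c8         40 00a1c1dc 7284/8192 udp_timer
"""

def parse(capture):
    """Map (process name, SBASE) -> Runtime in ms for one capture."""
    runtimes = {}
    for line in capture.splitlines():
        f = line.split()
        # Skip the header row and anything that is not a process line.
        if len(f) < 8 or not f[4].isdigit():
            continue
        # Names may contain spaces; SBASE keeps same-named threads apart.
        runtimes[(" ".join(f[7:]), f[5])] = int(f[4])
    return runtimes

def runtime_deltas(first, second):
    """CPU ms each thread received between the captures, busiest first."""
    before, after = parse(first), parse(second)
    deltas = []
    for key, ms in after.items():
        # A thread created between captures has no earlier value: count from 0.
        used = ms - before.get(key, 0)
        if used >= 0:  # ignore counters that went backwards (e.g. a reload)
            deltas.append((key[0], used))
    return sorted(deltas, key=lambda d: d[1], reverse=True)

if __name__ == "__main__":
    for name, ms in runtime_deltas(FIRST, SECOND):
        print(f"{name:<12} {ms:>8} ms")
```

In the constructed data, 557poll leads as a polling process would, and Logger received roughly nine times the CPU time of ip/0:0 over the interval, which is the pattern the paragraph above describes.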

Below is an example of the show processes command output. Note that
many processes are created when needed. As such, the output below may differ
considerably from the show processes output on your PIX.

Scheduler test. Possible values: * (currently running),
E (waiting for an event), S (ready to run, voluntarily relinquished processor),
rd (ready to run, wake up conditions have occurred), we (waiting for an
event), sa (sleeping until an absolute time), si (sleeping for a time interval),
sp (sleeping for a time interval, alternate call), st (sleeping until a
timer expires), hg (hung; the process will never execute again), and xx
(dead; the process has terminated, but has not yet been deleted).

PC

Current program counter.

SP

Current stack pointer.

State

Address of a thread queue.

Runtime (ms)

CPU time the thread has used, in milliseconds.

SBASE

Stack base address.

Stack

Currently used and total stack space available,
shown in bytes.

Process

Name of the thread's function. See the Processes
section below for more information.

The Processes

The table below explains the individual processes in the show processes
command output.

Thread that prompts users for authentication and communicates with the authentication
process.

udp_timer

Keeps track of UDP connections and marks UDP connections that exceed the timeout
for deletion.

i82543_timer

66MHz gigabit interface timer used to check interface statistics for SNMP
traps. Since this is a polling process, it is normal for the runtime value
of this process to be very large. The above output indicates normal operation.

i82542_timer

33MHz gigabit interface timer used to check interface statistics for SNMP
traps. Since this is a polling process, it is normal for the runtime value
of this process to be very large. The above output indicates normal operation.

557mcfix

Thread to watch interface statistics for errors.

557poll

Thread which polls the Ethernet interfaces to see if they have received traffic
that can be removed. Since this is a polling process, it is normal
for the runtime value of this process to be very large. The above
output indicates normal operation.

Thread to listen for PDM connections (per interface). This thread is created
per interface once an HTTP command is applied to a given interface.

listen/pfm

Thread to listen to connections to the PIX using PIX Secure Telnet (such
as PIX Firewall Manager or Cisco Secure Policy Manager) (per interface).
This thread is created per interface once a Telnet command is applied to
a given interface.

listen/telnet_(x)

Thread to listen for Telnet connections to the PIX (per interface). This
thread is created per interface once a Telnet command is applied to a given
interface.

listen/ssh_(x)

Thread to listen for SSH connections to the PIX (per interface). This
thread is created per interface once an SSH command is applied to a given
interface.